University Crest

[wlug] OpenSSL Support In Debian Unstable Drops TLS 1.0/1.1 Support

wlug archive index About the wlug list Mailing lists home
To The University of Waikato HomepageWaikato Home > Waikato Mailing Lists > wlug Info > wlug archives
Peter Reutemann fracpete@w...
Tue Aug 8 09:06:38 NZST 2017

'Debian Linux "sid" is deprecating TLS 1.0 Encryption. A new version
of OpenSSL has been uploaded to Debian Linux unstable. This version
disables the TLS 1.0 and 1.1 protocol. This currently leaves TLS 1.2
as the only supported SSL/TLS protocol version. This will likely break
certain things that for whatever reason still don't support TLS 1.2. I
strongly suggest that if it's not supported that you add support for
it, or get the other side to add support for it. OpenSSL made a
release 5 years ago that supported TLS 1.2. The current support of the
server side seems to be around 90%. I hope that by the time Buster
releases the support for TLS 1.2 will be high enough that I don't need
to enable them again. This move caused some concern among Debian users
and sysadmins. If you are running Debian Unstable on server tons of
stuff is going to broken cryptographically. Not to mention legacy
hardware and firmware that still uses TLS 1.0. On the client side
(i.e. your users), you need to use the latest version of a browser
such as Chrome/Chromium and Firefox. The Older version of Android
(e.g. Android v5.x and earlier) do not support TLS 1.2. You need to
use minimum iOS 5 for TLS 1.2 support. Same goes with SMTP/mail
servers, desktop email clients, FTP clients and more. All of them
using old outdated crypto.

This move will also affect for Android 4.3 users or stock MS-Windows
7/IE users (which has TLS 1.2 switched off in Internet Options.) Not
to mention all the mail servers out there running outdated crypto.'

-- source:

Cheers, Peter
Peter Reutemann
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 858-5174

More information about the wlug mailing list
NOTICE: This is an archive of a public mailing list. The University of Waikato is not responsible for its contents.

The University of Waikato - Te Whare Wananga o Waikato